Phase 3: Observability and Governance on Claude Code Wiki

Audit and Compliance -- Three-Layer Architecture

Mon, 01 Jan 0001 00:00:00 +0000

Audit and Compliance – Three-Layer Architecture#

Layer 1: AWS CloudTrail#

Captures every Bedrock InvokeModel call with IAM principal attribution.

What it records:

Timestamp of every API call
IAM principal (which user/role made the call)
Model ID invoked
Source IP address
Request parameters (not prompt content by default)

Configuration:

Enable CloudTrail in the dedicated Bedrock AWS account
Send logs to a centralized S3 bucket with immutable retention policy
Set up CloudWatch Alarms for unusual patterns (e.g., API calls outside business hours, unexpected model IDs)

Limitation: CloudTrail records that a call was made but not what was asked or returned. It’s an access log, not a content log.

Cost Tracking and Budgets

Mon, 01 Jan 0001 00:00:00 +0000

Cost Tracking and Budgets#

The Cost Challenge#

Bedrock bills per-token. 500 developers using Opus for everything can cost $50K–$200K+/month depending on usage intensity. Without controls, costs are unpredictable and can spike when developers discover long-running agentic workflows.

Model Tiering Strategy#

The LLM gateway is the control point for cost management.

Use Case	Model	Approx. Cost	Access
Routine coding, quick edits	Sonnet	Lower per-token	Default for all developers
Architecture, complex reasoning	Opus	Higher per-token	Gated to senior engineers or by request
Summarization, classification	Haiku	Lowest per-token	Claude Code uses automatically as fast model

Implementation#

Configure the LLM gateway to:

Security Controls

Mon, 01 Jan 0001 00:00:00 +0000

Security Controls#

Claude Code Permission Model#

Claude Code requires explicit developer approval for:

Writing or modifying files
Executing shell commands
Making network requests (beyond the LLM API)

This is the first line of defense. Developers see what Claude wants to do before it happens.

Non-Negotiable Controls#

Bypass Mode Disabled#

disableBypassPermissionsMode: "disable" in managed-settings.json prevents --dangerously-skip-permissions. This flag removes all permission prompts and lets Claude execute freely – never use in production or enterprise environments, regardless of developer convenience arguments.